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Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 . 1 36(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1)^ Responsive to communication(s) filed on 26 April 2005 . 
2a)IE This action is FINAL.- 2b)n This action is non-final. 

3) 0 Since this application is in condition for allowance except for fomnal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex pa/te Quayle, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) 13 Claim(s) 1-20 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) 0 Claim(s) is/are allowed. 

6) 13 Claim(s) 1-20 is/are rejected. 

7) \3 Claim(s) is/are objected to. 

8) 0 Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) 0 The specification is objected to by the Examiner. 

10) 0 The drawing(s) filed on is/are: a)n accepted or b)n objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

11) 0 The oath or declaration is objected to by the Examiner. Note the attached Office Action orfonm PTO-152. 

Priority under 35 U.S.C. § 119 

12) n Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 
a)n All b)n Some * c)^ None of: 

1 .□ Certified copies of the priority documents have been received. 

20 Certified copies of the priority documents have been received in Application No. . 

30 Copies of the certified copies of the priority documents have been received in this National Stage 
application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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DETAILED ACTION 



1. This action is in response to the communication filed on April 26, 2005. Claim 1 
has been amended. Claims 1 -20 are pending. 



Response to Remarks/Arguments 

2. Claims 1 - 20 were rejected under 35 USC 102(e) as being anticipated by Joyce 
(U.S. Patent Number 6,519,703, hereafter "Joyce") and in response. Applicant amended 
Claim 1 . Applicant's remarks/arguments filed on April 26, 2005, with respect to 
amended Claim 1, independent Claim 17, dependent Claims 3, 4, 7, 8 - 10, 13, 14, 17 
and 18-20 have been fully considered but they are not persuasive. 

Referring to the previous Office action, Examiner had cited relevant portions of 
the references as a means to illustrate the system as taught by the prior art. As a 
means of providing further clarification as to what is taught by the references used in the 
first office action. Examiner has expanded the teachings for comprehensibility while 
maintaining the same grounds of rejection of the claims. 

Joyce teaches a method for processing packets in a computer communication 
network that includes steps of analyzing a packet stream to recognize potentially 
harmful packets and selecting packets for further analysis. Furthermore, Joyce teaches 
that the method able to learn (with updates), to provide a higher level of protection with 
multiple analysis methodologies and dynamically adapting to security exploit attempts. 



Application/Control Number: 09/976,516 Page 3 

Art Unit: 2136 

3, Regarding amended Claim 1 and independent Claim 1 1 , Applicant agrees that 
Joyce teaches receiving data packets from the Internet, performs analysis on these 
packets and interrupts transmission of packets that appears to have problems and 
forwards if no problems are detected, but argues that the distinction between the prior 
art and the instant application is that in the present invention "communicating with a 
second router to cause transmission of a future data packet to be interrupted when a 
determination has been made that a first data packet is harmful". This argument is not 
persuasive. 

Joyce discloses packets are transmitted to a first buffer that controls forwarding 
of the packet based upon multiple analysis and control the flow wherein the packets are 
forwarded to a second analysis stage to look for temporal or other anomalies in packet 
streaming, see Joyce Column 2 line 30 - Column 3 line 67, Joyce further discloses that 
the firewall methods and apparatus will learn from and adapt to data flows to migrate 
security threats wherein multiple analysis methodologies provide for enhanced security 
to dynamically adapt to security exploits, threats, and covert communications, see 
Joyce Column 6 line 66 - Column 7 line 6). 

4. Regarding Claims 3 and 1 3, argues that the prior art does not disclose "sending 
a command to an upstream router to interrupt future data packets from the originator"'. 
Joyce discloses sending a command to an upstream router (second buffer or control of 
disposition) to intercept future packets from the originator (Column 3 lines 5 - 54). 
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5. Regarding Claims 4 and 14, argues that the prior art does not disclose 
"forwarding an agent to an upstream router, the agent arranged to intercept future data 
packets from the originator". Joyce discloses forwarding an agent to an upstream router, 
the agent arranged to intercept future data packets from the originator by fon^/arding 
control of disposition of packets and control logic (agent) is provided for intercepting 
data packets (Column 3 line 5 - Column 4 line 21). 

6. Regarding Claims 7 and 17, argues that the prior art does not disclose, "first data 
packet is suspicious, it is decided to monitor future data packets having the same 
source or destination address". Joyce discloses analyzing raw data packets originating 
from network with destination information also enter and the data that have high 
confidence are forwarded without analysis but the data that have poor-confidence 
(suspicious) and further analyzed for session traffic based on a combination of source 
and destination address (Column 4 line 14 - 60). 

7. Regarding Claims 8-10 and 18-20, argues that the prior art does not disclose 
"collaborating with and identifying an upstream router". Joyce discloses collaborating 
with and identifying an upstream router wherein a correlation analysis router operates 
on multi-directional session data that is based on source and destination address to call 
on external/alternate process (from participating routers like pager system or alerting 
systems) (Column 4 line 22 - Column 5 line 33). 
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8. Applicant has not explicitly refuted the rejections for Claims 5, 6, 12, 15 and 16 
(See Remarks Pages 8-11). Examiner correctly notes that Applicant is agreeing with 
the prior art disclosure and further states that the rejection for Claims 5, 6, 12, 15 and 
16 are maintained. 

9, Applicant clearly has failed to explicitly identify specific claim limitations, which 
would define a patentable distinction over prior arts. Therefore, the examiner 
respectfully asserts that cited prior art does teach or suggest the subject matter broadly 
recited in independent claims 1 and 11. Dependent claims 2-10 and 12-20 are also 
rejected at least by virtue of their dependency on independent claims and by other 
reason set forth in this office action. 

Accordingly, the rejection for the pending Claims 1 - 20 is respectfully 
maintained. 

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except Uiat an 
international application filed under the treaty defined in section 35 1(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language. 
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10. Claims 1 - 20 are rejected under 35 U.S.C. 102(e) as being anticipated by Joyce 
(U.S. Patent Number 6,519,703). 

Regarding Claim 1, Joyce teaches and describes, a method for providing node 
security in a router of a packet network (Fig. 1, 2; Summary and Column 2 line 16- 
Column 5 line 17), comprising the steps of: 

monitoring a data packet sent from an originator via the router and addressed to 
a destination device other than the router (Column 2 lines 30 - 45); 

determining in the router whether the data packet is potentially harmful to the 
destination device (Column 2 lines 30 - 53); 

interrupting transmission of the data packet in response to determining that the 
data packet is potentially harmful to the destination device, comprising the step of 
communicating with a second router to cause the second router to interrupt 
transmission of a future data packet (Column 2 line 30 - Column 3 line 5); and 

transmitting the data packet in response to determining that the data packet is 
not potentially harmful to the destination device (Column 2 line 66 - Column 3 line 10). 

Regarding Claim 1 1 , Joyce teaches and describes, a router for providing node 
security in a packet network (Fig. 1, 2; Summary and Column 2 line 16 - Column 5 line 
17), comprising: 

a plurality of I/O ports for accepting a data packet sent from an originator via the 
router and addressed to a destination device other than the router, and for transmitting 
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the data packet to the destination device (Column 2 lines 16-40 and Column 4 lines 44 
- 55); and 

a processor coupled to the plurality of I/O ports for processing the data packet; 
wherein the processor is programmed to: monitor the data packet (Column 2 line 30 - 
Column 3 line 28 and Column 4 lines 44 - 60); 

determine whether the data packet is potentially harmful to the destination device 
(Column 2 lines 30-53); 

interrupt transmission of the data packet in response to determining that the data 
packet is potentially harmful to the destination device, including communicating with a 
second router to cause the second router to interrupt transmission of a future data 
packet (Column 2 line 30 - Column 3 line 5); and 

transmit the data packet in response to determining that the data packet is not 
potentially harmful to the destination device (Column 2 line 66 - Column 3 line 10). 

Claims 2 and 12 is rejected as applied above in rejecting claims 1 and 1 1 . 
Furthermore, Joyce teaches and describes a method for providing node security in a 
router of a packet network (Fig. 1, 2; Summary and Column 2 line 16 - Column 5 line 
17), wherein in response to interrupting the data packet, the processor is further 
programmed to discard a later data packet from the originator (Column 3 lines 29 - 54). 

Claims 3 and 13 is rejected as applied above in rejecting claims 1 and 1 1 . 
Furthermore, Joyce teaches and describes a method for providing node security in a 
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router of a packet network (Fig. 1, 2; Summary and Column 2 line 16 - Column 5 line 
17), wherein in response to interrupting the data packet, the processor is further 
programmed to send a command to an upstream router to intercept future data packets 
from the originator (Column 3 line 1 - 54). 

Claims 4 and 14 is rejected as applied above in rejecting claims 1 and 1 1 . 
Furthermore, Joyce teaches and describes a method for providing node security in a 
router of a packet network (Fig. 1, 2; Summary and Column 2 line 16 - Column 5 line 
17), wherein in response to interrupting the data packet, the processor is further 
programmed to forward an agent to an upstream router, the agent arranged to intercept 
future data packets from the originator (Column 3 line 59 - Column 4 line 21 ) . 

Claims 5 and 15 is rejected as applied above in rejecting claims 1 and 11. 
Furthermore, Joyce teaches and describes a method for providing node security in a 
router of a packet network (Fig. 1, 2; Summary and Column 2 line 16 - Column 5 line 
17), wherein the processor is further programmed to check for a potential presence of at 
least one of a worm, a virus, and a Trojan horse (Column 3 lines 1 - 37 and Column 4 
lines 22-29). 

Claims 6 and 16 is rejected as applied above in rejecting claims 1 and 11. 
Furthermore, Joyce teaches and describes a method for providing node security in a 
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router of a packet network (Fig. 1, 2; Summary and Column 2 line 16 - Column 5 line 
17), wherein the processor is further programmed to at least one of: 

random sample a subset of data packets (Column 6 lines 23 - 29); 

monitor data packets having a predetermined source address (Column 4 lines 22 

-43); 

monitor data packets having a predetermined destination address (Column 4 
lines 22-60); and 

monitor data packets having a predetermined combination of source and 
destination address (Column 4 lines 22 - 60). 

Claims 7 and 17 is rejected as applied above in rejecting claims 1 and 11. 
Furthermore, Joyce teaches and deschbes a method for providing node security in a 
router of a packet network (Fig. 1, 2; Summary and Column 2 line 16 - Column 5 line 
17), wherein the processor is further programmed, 

in response to determining that a first data packet is suspicious, to decide to 
monitor future data packets having at least one of a source address and a destination 
address matching, respectively, the source and the destination address of the first data 
packet (Column 4 lines 14 - 60). 

Claims 8 and 18 is rejected as applied above in rejecting claims 1 and 1 1 . 
Furthermore, Joyce teaches and describes a method for providing node security in a 
router of a packet network (Fig. 1 , 2; Summary and Column 2 line 16 - Column 5 line 
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17), wherein the processor is further programmed to collaborate with an upstream 
router to cause the upstream router to update its capabilities to detect a potentially 
harmful data packet (Column 4 line 14 - Column 5 line 17). 

Claims 9 and 19 is rejected as applied above in rejecting claims 1 and 11. 
Furthermore, Joyce teaches and describes a method for providing node security in a 
router of a packet network (Fig. 1, 2; Summary and Column 2 line 16 - Column 5 line 
17), wherein the processor is further programmed to collaborate with an upstream 
router that is not a neighbor of the router to have the upstream router block transmission 
from the originator (Column 3 line 1-14 and Column 4 lines 22 - 43). 

Claims 10 and 20 is rejected as applied above in rejecting claims 9 and 19. 
Furthermore, Joyce teaches and describes a method for providing node security in a 
router of a packet network (Fig. 1 , 2; Summary and Column 2 line 16 - Column 5 line 
17), wherein the processor is further programmed to identify the upstream router by 
sending a command to the originator, the command requesting address information 
from participating routers (Column 4 line 34 - Column 5 line 3). 

Conclusion 

1 1 . THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 
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A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

12. Examiner's Note: Examiner has cited particular columns and line numbers in the 
references as applied to the claims above for the convenience of the applicant. 
Although the specified citations are representative of the teachings in the art and are 
applied to the specific limitations within the individual claim, other passages and figures 
may apply as well. It is respectfully requested from the applicant, in preparing the 
responses, to fully consider the references in entirety as potentially teaching all or part 
of the claimed invention, as well as the context of the passage as taught by the prior art 
or disclosed by the examiner 

13. Applicant is urged to consider the references. However, the references should be 
evaluated by what they suggest to one versed in the art, rather than by their specific 
disclosure. If applicants are aware of any better prior art than those are cited, they are 
required to bring the prior art to the attention of the examiner. 
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14. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Pramila Parthasarathy whose telephone number is 571- 
272-3866. The examiner can normally be reached on 8:00a.m. To 5:00p.m.. If attempts 
to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Ayaz 
Sheikh can be reached on 571-232-3795. Any inquiry of a general nature or relating to 
the status of this application or proceeding should be directed to the receptionist whose 
telephone number is 703-305-3900. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for published 
applications may be obtained from either Private PAIR or Public PAIR only. For more 
information about the PAIR system, contact the Electronic Business Center (EBC) at 
866-217-9197 (toll-free). 



Pramila Parthasarathy 
June 21, 2005. 




